5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090

Analysis

max time kernel
37s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 08:46

Target

5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe
Size

62KB
MD5

06e2d120cb97c2957e6f4f38322c3fe1
SHA1

1ef7f0a7030891949bb7fdd08548b817a8da8180
SHA256

5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090
SHA512

89978897b64caee5530c99a8d8cd6a200fe9a12e22f365aa1663d45897dda4aa37d45c65ee3af37406bd0f580d3373ac4757b00ebebcb718837cfe2a173e2967
SSDEEP

1536:O76iwKMDFwHmWd/+4vW2/dCXLk0YTtQkWn9Wf1i2Ee:OzEwHmqW4vW2/+I0vH9cize

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7yd7o5j.exe	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7yd7o5j.exe	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1512 set thread context of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2016	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 1512 wrote to memory of 2016	1512	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	27
PID 2016 wrote to memory of 1200	2016	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	20
PID 2016 wrote to memory of 1200	2016	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	20
PID 2016 wrote to memory of 1200	2016	5ea27aa9574db9f55f91b656c0effa54ce09a912b80905145811df2e1fdbe090.exe	20

memory/1200-64-0x00000000021F0000-0x00000000021F3000-memory.dmp

Filesize
12KB

Download
memory/1512-54-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1512-55-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1512-56-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1512-57-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download
memory/1512-62-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1512-63-0x0000000001D20000-0x0000000001D3A000-memory.dmp

Filesize
104KB

Download
memory/2016-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2016-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2016-66-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download